BugTraq
Back to list
|
Post reply
phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-
Mar 04 2005 08:37PM
Wesley aka PPC (ppc respected as)
(1 replies)
Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-
Mar 07 2005 05:21PM
Matthias (admin n0ki de)
Wesley aka PPC wrote:
>
> -----------------------------------
>
> phpBB 2.0.12 Session Handling
> Administrator Authentication
> Bypass EXPLOIT -SIMPLIFIED-
> - By PPC^Rebyte
>
> -----------------------------------
>
...
> 3* Preparation
> ______________
>
> 1. Register at forum?
>
> 2. Log in with account
> + UNCHECK "Log in automatically"
>
...
you do not need to register and login, if you browse on a forum
a ANONYMOUS (id=0) Session is opened and a Cookie created.
Now you must delete the phpbb2_sid cookie and write the exploit
code in the phpbb2_data cookie.
So you don't must login.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
>
> -----------------------------------
>
> phpBB 2.0.12 Session Handling
> Administrator Authentication
> Bypass EXPLOIT -SIMPLIFIED-
> - By PPC^Rebyte
>
> -----------------------------------
>
...
> 3* Preparation
> ______________
>
> 1. Register at forum?
>
> 2. Log in with account
> + UNCHECK "Log in automatically"
>
...
you do not need to register and login, if you browse on a forum
a ANONYMOUS (id=0) Session is opened and a Cookie created.
Now you must delete the phpbb2_sid cookie and write the exploit
code in the phpbb2_data cookie.
So you don't must login.
[ reply ]